The concept of active lures in internal systems has gained importance in recent years, particularly with the emergence of new offerings such as Cymmetria or Illusive Networks, among others. Companies have also long used honeypots, which seek to attract attackers with the promise of targets at hand and hold their interest enough to allow security teams to monitor them.

More active defense strategies have emerged in recent years, including deceptive hosts on the network, tracking cookies and other mechanisms that try to determine the true origin of an attacker and follow their tactics and methods. It is also possible to change the behavior of a server or web application when suspicious attacks or probes are detected, possibly slowing down the attacker or diverting their attention.

Now, active defense techniques are also turning to cloud-based environments. Fidelis Cybersecurity has just launched a platform with active cyber-deception as its main feature. The Fidelis Deception Toolkit, part of its Elevate platform, enables administrators to deploy lures into cloud provider environments.

Active lure techniques

Fidelis Deception supports several common techniques of active deception. It starts with lure files, which contain supposedly sensitive fake data that may attract the interest of attackers. Added to this are fake accounts, which may appear to an external malicious third party to offer an opportunity to gain higher rights or to reach other parts of the environment.

Breadcrumbs also act as bait for the attacker, who will want to explore them in the hope of discovering potentially vulnerable systems. Finally, there are hosts deliberately made vulnerable or more accessible, simply to keep intruders occupied.

Historically, deploying lure technologies internally may have been impractical, particularly because of the administrative burden of supervising the deception and keeping it operational.

Above all, maintaining a large business environment with its legacy platforms and a highly distributed network is difficult enough in itself that few would want to set up lures on top of it, with the risk of losing track of them over time.

But in the cloud, it can be much easier to set up and maintain decoys, because there is only a single base to keep track of. There is also no shortage of ways to monitor the environment, dedicated interfaces in particular. For example, assets in AWS or Microsoft Azure can be centrally inventoried to help security teams administer those resources. There are many new logging and automation tools that can be used in conjunction with lure toolkits.

The emergence of a new generation of lure systems is promising: when someone interacts with one of them, that interaction is necessarily suspect, which makes it possible to prioritize investigations while limiting false positives.
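A minimal sketch of that triage idea, added here as an example and not taken from Fidelis or any vendor: it scans audit records that use AWS CloudTrail field names and raises an alert whenever a decoy account, decoy access key or lure file is touched. The decoy inventory, user names, key IDs, bucket names and log lines are all constructed for illustration.

```python
import json

# Hypothetical decoy inventory; every name below is invented for this example.
DECOY_USERS = {"svc-backup-admin"}
DECOY_KEY_IDS = {"AKIAEXAMPLEDECOY0001"}
DECOY_OBJECTS = {("corp-finance-archive", "payroll/salaries-2023.xlsx")}

# Constructed sample log, one JSON record per line, using CloudTrail field names.
SAMPLE_LOG = """
{"eventTime":"2024-01-10T09:12:01Z","eventName":"GetObject","sourceIPAddress":"10.0.4.17","userIdentity":{"userName":"alice","accessKeyId":"AKIAEXAMPLEREAL00001"},"requestParameters":{"bucketName":"corp-app-assets","key":"logo.png"}}
{"eventTime":"2024-01-10T09:14:37Z","eventName":"ListBuckets","sourceIPAddress":"203.0.113.50","errorCode":"AccessDenied","userIdentity":{"userName":"svc-backup-admin","accessKeyId":"AKIAEXAMPLEDECOY0001"},"requestParameters":null}
not-json: truncated line
{"eventTime":"2024-01-10T09:20:05Z","eventName":"GetObject","sourceIPAddress":"10.0.4.23","userIdentity":{"userName":"bob","accessKeyId":"AKIAEXAMPLEREAL00002"},"requestParameters":{"bucketName":"corp-finance-archive","key":"payroll/salaries-2023.xlsx"}}
"""

def decoy_hits(record):
    """Return the reasons a record touches a decoy (empty list if none)."""
    ident = record.get("userIdentity") or {}
    params = record.get("requestParameters") or {}  # null on many API calls
    reasons = []
    if ident.get("userName") in DECOY_USERS:
        reasons.append("decoy-user:" + ident["userName"])
    if ident.get("accessKeyId") in DECOY_KEY_IDS:
        reasons.append("decoy-key:" + ident["accessKeyId"])
    obj = (params.get("bucketName"), params.get("key"))
    if obj in DECOY_OBJECTS:
        reasons.append("decoy-object:s3://%s/%s" % obj)
    return reasons

def scan(log_text):
    """Return one alert per record that interacts with any decoy."""
    alerts = []
    for line in log_text.splitlines():
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines instead of aborting
        if not isinstance(record, dict):
            continue
        reasons = decoy_hits(record)
        if reasons:
            alerts.append({
                "time": record.get("eventTime"),
                "source": record.get("sourceIPAddress"),
                "actor": (record.get("userIdentity") or {}).get("userName"),
                "event": record.get("eventName"),
                # A denied call still counts: the attempt itself is the signal.
                "denied": record.get("errorCode") is not None,
                "reasons": reasons,
            })
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(json.dumps(alert))
```

Because no legitimate workflow references the decoys, the rule needs no baseline or threshold: the two alerts it produces on the sample are a denied call with the decoy key from an external address and a real user reading the lure file.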

Deploying this technology could easily help shut down common attack vectors, such as hacked accounts, configuration and access control failures, and so on. Since all cloud assets are virtual - or software-based - the creation and operation of these resources is fast and painless.

However, there is a disadvantage to take into account: the increase in recurring costs, simply because of the use of additional resources. Before deploying these technologies, the cost/benefit ratio needs to be carefully considered.